On Tue, Apr 01, 2025 at 04:29:14PM +0200, Florian Westphal wrote:
> a delete request will cause a crash in obj_cache_dump, move the deref
> into the filter block.
>
> Fixes: dbff26bfba83 ("cache: consolidate reset command")
> Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
Reviewed-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Thanks.
> ---
> src/cache.c | 6 ++++--
> .../testcases/bogons/nft-f/delete_nonexistant_object_crash | 1 +
> 2 files changed, 5 insertions(+), 2 deletions(-)
> create mode 100644 tests/shell/testcases/bogons/nft-f/delete_nonexistant_object_crash
>
> diff --git a/src/cache.c b/src/cache.c
> index b75a5bf3283c..c0d96bd14a80 100644
> --- a/src/cache.c
> +++ b/src/cache.c
> @@ -902,6 +902,7 @@ static struct nftnl_obj_list *obj_cache_dump(struct netlink_ctx *ctx,
> int family = NFPROTO_UNSPEC;
> const char *table = NULL;
> const char *obj = NULL;
> + bool reset = false;
> bool dump = true;
>
> if (filter) {
> @@ -914,9 +915,10 @@ static struct nftnl_obj_list *obj_cache_dump(struct netlink_ctx *ctx,
> }
> if (filter->list.obj_type)
> type = filter->list.obj_type;
> +
> + reset = filter->reset.obj;
> }
> - obj_list = mnl_nft_obj_dump(ctx, family, table, obj, type, dump,
> - filter->reset.obj);
> + obj_list = mnl_nft_obj_dump(ctx, family, table, obj, type, dump, reset);
> if (!obj_list) {
> if (errno == EINTR)
> return NULL;
> diff --git a/tests/shell/testcases/bogons/nft-f/delete_nonexistant_object_crash b/tests/shell/testcases/bogons/nft-f/delete_nonexistant_object_crash
> new file mode 100644
> index 000000000000..c369dec8c07d
> --- /dev/null
> +++ b/tests/shell/testcases/bogons/nft-f/delete_nonexistant_object_crash
> @@ -0,0 +1 @@
> +delete quota a b
> --
> 2.49.0
>
>
